1. Field of Invention
The present invention relates to the field of computer security technology, and in particular to a security chip having a security interface.
2. Description of Prior Art
Nowadays, various information processing apparatuses are widely used in people's daily life. The term information processing apparatus mainly refers to a personal computer (PC), a notebook computer, a palm computer, a mobile phone and the like.
The Trusted Computing Platform Alliance (TCPA), an organization founded by Intel, IBM, HP, Microsoft and Compaq in 1999, has promoted the establishment of a trusted computing environment. It defined an architecture for platform device authentication as well as specifications for the security chip embedded in the mainboard, the TPM (Trusted Platform Module), and for the upper-layer software middleware, the TSS (Trusted Software Stack). In 2003, TCPA was restructured as the Trusted Computing Group (TCG), which made the necessary supplements to the TPM and TSS specifications.
FIG. 1 shows a schematic diagram of the structure of a security chip system as required by TCG. The security chip comprises a processor module 101 for performing control, such as a micro-controller unit (MCU) processor, an encryption/decryption module 102, a storage module 103 for storing encryption/decryption keys, an input/output (I/O) interface module 104 and a power detecting module 105 for detecting the power supply of the security chip. All of the modules are connected with each other via an internal bus in the security chip. According to an instruction received from the I/O interface module 104, the processor module 101 controls the encryption/decryption module 102, sends the instruction processing result to the I/O interface module 104, or retrieves secret information such as a key from the storage module 103 directly and sends it to the I/O interface module 104. The encryption/decryption module 102, under the control of the processor module 101, retrieves the pre-stored encryption/decryption keys from the storage module 103, encrypts/decrypts the received data with those keys and transmits the encrypted/decrypted data to external devices via the I/O interface module 104, which serves to transmit data and/or instructions between the security chip and the external devices.
The encryption/decryption module 102 generally consists of a secure hash algorithm/hashed message authentication code (SHA/HMAC) engine module, a random number generator, an RSA processor module (where RSA is not an acronym but a common reference to a public key cryptography algorithm developed by three men with last names beginning with R, S and A) and a key generation module. The SHA/HMAC engine module, controlled by the processor module 101, conducts the SHA/HMAC operation on the received data and sends the calculated result to the I/O interface module 104. The RSA processor module, also under the control of the processor module 101, conducts the RSA operation on the received data and sends the calculated result to the I/O interface module 104. The random number generator generates random numbers for random key generation under the control of the processor module 101. The key generation module generates the keys required by the RSA and SHA/HMAC algorithms using the random numbers generated by the random number generator. The storage module 103 is formed of a nonvolatile storage for holding key data, user data and programs, and a volatile storage for saving temporary data and temporary programs.
The security chip can further include other optional components for managing the current status of the security chip.
FIG. 2 is a schematic diagram showing the connection between a security chip and a mainboard in the prior art. The CPU 201 of the information processing apparatus is connected to a north bridge 202 on the mainboard, and the north bridge 202 is connected directly to a south bridge 203 and a static RAM (SRAM) 204, respectively. The south bridge 203 is connected directly to a Super Input/Output (SuperIO) interface 205 and the security chip 206, respectively, via an LPC (Low Pin Count) bus. The primary functions of the security chip as currently specified by TCG include: conducting integrity verification of the BIOS during the startup of a computer and verifying the integrity of the hardware devices and of the operating system; monitoring and verifying the integrity of protected application software after the operating system starts running; generating and managing the various keys in the system; and providing digital signatures when necessary.
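The two security-chip functions described above, hashing with the SHA/HMAC engine and the integrity verification of BIOS, hardware and operating system at startup, are easiest to see in a small software model. The following is an added example and is not code from the patent or from any TCG specification: the component images and keys are constructed, SHA-256 stands in for the chip's hash engine, the "extend" rule (new register value = hash of old value concatenated with the new measurement) and the HMAC quote format are assumptions chosen for illustration, and the function names are hypothetical.

```python
"""Software model of a measured-boot integrity check and an HMAC attestation
of the result. Constructed example, not the patent's own code."""
import hashlib
import hmac
import os

DIGEST = hashlib.sha256                  # assumed hash; models the chip's SHA engine
PCR_INIT = bytes(DIGEST().digest_size)   # the measurement register starts as all zeros

# Constructed stand-ins for the images measured during startup, in boot order:
# BIOS first, then the hardware configuration, then the operating-system loader.
BOOT_COMPONENTS = [
    ("bios", b"constructed BIOS image v1.0"),
    ("hardware", b"constructed device table: nic=0x8086 gpu=0x10de"),
    ("os_loader", b"constructed OS loader stage 1"),
]


def measure(image: bytes) -> bytes:
    """Hash one component with the SHA engine."""
    return DIGEST(image).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """Fold a measurement into the register: new = H(old || measurement).
    The register is only ever extended, never overwritten, so a later stage
    cannot erase what an earlier stage recorded, and the order of stages
    is part of the final value."""
    return DIGEST(pcr + measurement).digest()


def measured_boot(components) -> bytes:
    """Measure each startup component in order; return the final register value."""
    pcr = PCR_INIT
    for _name, image in components:
        pcr = extend(pcr, measure(image))
    return pcr


def platform_is_trusted(components, golden_pcr: bytes) -> bool:
    """Integrity verification: the measured register must equal the known-good value."""
    return hmac.compare_digest(measured_boot(components), golden_pcr)


def generate_key(nbytes: int = 32) -> bytes:
    """Model of the key generation module fed by the random number generator."""
    return os.urandom(nbytes)


def quote(key: bytes, pcr: bytes, nonce: bytes) -> bytes:
    """HMAC over the register value and a challenger-chosen nonce: how the
    SHA/HMAC engine would report the platform state to a remote verifier."""
    return hmac.new(key, pcr + nonce, DIGEST).digest()


def verify_quote(key: bytes, expected_pcr: bytes, nonce: bytes, reported: bytes) -> bool:
    """Challenger side: recompute the expected HMAC and compare in constant time."""
    return hmac.compare_digest(quote(key, expected_pcr, nonce), reported)


if __name__ == "__main__":
    golden = measured_boot(BOOT_COMPONENTS)
    tampered = [(n, img + b"\x90" if n == "bios" else img) for n, img in BOOT_COMPONENTS]
    print("untouched platform trusted:", platform_is_trusted(BOOT_COMPONENTS, golden))
    print("tampered BIOS trusted:     ", platform_is_trusted(tampered, golden))
    key, nonce = generate_key(), os.urandom(16)
    q = quote(key, golden, nonce)
    print("quote verifies with its nonce: ", verify_quote(key, golden, nonce, q))
    print("same quote under a new nonce:  ", verify_quote(key, golden, os.urandom(16), q))
```

Two design points carry over from the chip to the model: the register can only be extended, so a modified BIOS (or the same components loaded in a different order) yields a different final value that no later stage can repair, and the quote binds the register value to a fresh nonce, so a verifier can tell a live report from a replayed one.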
Although the security chip can ensure a secured running environment for the information processing apparatus, the above-mentioned security chip cannot guarantee the security of the input and output stages. This is because the security chip only monitors and verifies the data already existing inside the information processing apparatus, while the data being input and output is not monitored or verified. At present, many Trojan horse programs can monitor data entered via a keyboard, the on-screen position of a mouse and output data sent to a video card so as to acquire confidential information about a user. Obviously, this is a loophole in any trusted terminal based on a security chip. Consequently, the existing chip has not yet overcome the problems related to trusted input and output.